Ninjas Practicing Multidimensionality
Severity: critical

Command Injection

apex-publish-static-files

Overview

Versions of apex-publish-static-files before 2.0.1 are vulnerable to command injection. This is exploitable if user input is passed into the connectString option in the publish method.

Remediation

Update to version 2.0.1 or later.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. Created

    2018-11-01T14:09:00.603Z
  2. Updated

    2018-11-01T14:09:00.603Z